Monday, June 10, 2019

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: June 20 2019

Wapack Labs identified connections from 72,021 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: June 20, 2019 

On 20 June 2019, Wapack Labs identified 95 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Thursday, May 23, 2019

Mirai A Self-propagating Mutating Bot Malware

In May 2019, Wapack Labs performed an inventory of recent Mirai specimens on VirusTotal. A total of 29K malware specimens were observed during the period spanning from early March to mid-May 2019. A comprehensive indicator list is provided as a companion document to this product.

To read the full article and find an archive of related reporting, follow this link to READBOARD.

WWW.WAPACKLABS.COM

Wednesday, May 22, 2019

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: May 20, 2019 

On 20 May 2019, Wapack Labs identified 28 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:
Reporting Period: May 20 2019

Wapack Labs identified connections from 68,359 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Thursday, May 16, 2019

LinkedIn, Twitter and Facebook, are not Likely to Survive Russian Internet Isolation Legislation

Social media giants Twitter and Facebook are in a legal struggle over previous Russian legislation which requires these companies to store Russian personal data in Russia. Currently, LinkedIn is banned in Russia. On 1 May 2019, Russian President Vladimir Putin signed the “Internet sovereignty” bill. Russia will develop its own DNS system to conduct special Internet controls.

To read the full article and find an archive of related reporting, follow this link to READBOARD.


Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:
Reporting Period: May 13 2019

Wapack Labs identified connections from 51,037 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Tuesday, May 7, 2019

Remote Desktop Protocol (RDP) a Deep Dive Webinar


Save the Date: Friday Noon EST, May 10th 

Wapack Labs is excited to invite you to our 2nd Cyber Intelligence on-line Briefing (CIB). This webinar is a deep dive into Remote Desktop Protocol (RDP). Jesse Burke, Advanced Cyber Analyst, will share research on RDP Wrap, Backdoors, Inception, and MiTM. Join us on Friday at noon for the webinar and the reports.

Wednesday, May 1, 2019

Wipro Attack Exposes Multiple Targets


In April 2019, Krebs reported that Wipro, an Indian IT outsourcing company, was the victim of a successful cyber attack by suspected state-sponsored actors. The actors leveraged ScreenConnect, a remote administration tool, to gain access to various Wipro systems which were then used as launching points for additional attacks against Wipro’s customers.

To read the full article and find an archive of related reporting, follow this link to READBOARD.


Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:
Reporting Period: April 29 2019

Wapack Labs identified connections from 53,562 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: April 29, 2019 

On 29 April 2019, Wapack Labs identified 12 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wednesday, April 24, 2019

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:
Reporting Period: April 22, 2019

Wapack Labs identified connections from 59,676 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: April 22, 2019 

On 22 April 2019, Wapack Labs identified 167 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wednesday, April 17, 2019

Loki's Underground Evolution

Loki is a very popular bot/stealer malware which has been for sale in the underground since 2015. In 2017, two hackers from the Russian hacking forum fuckav.ru cracked Loki and released a cracked builder. Once the cracked builder was released, new unofficial versions of Loki were found for sale in novice English-speaking forums for less than the original version.
To read the full article and find an archive of related reporting, follow this link to READBOARD.


Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: April 15, 2019 

On 15 April 2019, Wapack Labs identified 12 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems.